Revision as of 11:11, 11 August 2009

OWASP Hartford

Welcome to the Hartford chapter homepage. The chapter leader is James McGovern. Click here to join the local chapter mailing list.

Participation

The OWASP Foundation (Overview Slides) is a professional association of global members and is open to anyone interested in learning more about software security. Local chapters are run independently and guided by the Chapter_Leader_Handbook. As a 501(c)(3) non-profit professional association, your support and sponsorship of any meeting venue and/or refreshments is tax-deductible. Financial contributions should only be made online using the authorized online chapter donation button. To be a SPEAKER at ANY OWASP Chapter in the world, simply review the speaker agreement and then contact the local chapter leader with details of what OWASP PROJECT, independent research or related software security topic you would like to present on.

Sponsors

If you would like to sponsor either the food and/or door prizes for an upcoming meeting, please email James McGovern with your proposal. Independent of any financial considerations, sponsorship priority is given to those who promote participation in OWASP among their employees and customers.

September 14th 2009

funds to OWASP earmarked for Hartford.
We would like to thank CA for sponsoring food and beverages for this event

Any application that will face the harsh realities of the "front lines" in a web environment must be tried and true. This is even more true when the application is a security product intended to protect whatever sits behind it. This presentation will discuss not only the different methods used to ensure this high degree of assurance, but also the risks and cost factors associated with the process, helping customers and vendors alike to understand and think about all facets of it.

Gregory Gotta
Gregory Gotta has over 10 years of experience in the Internet Security arena and is currently the SVP of Engineering at CA for all initiatives delivered by the Security BU. Products include market leaders in the WAM, SSO, Data Access, and SIM categories. He has held this position since July 2007. Prior to that he spent 7+ years at Symantec responsible for all Network/Gateway Security products. This included Firewall/VPN (Raptor), Intrusion Prevention, Content Filtering, and Mail Gateway products. While there he also led the initiative to deliver the first multi-function appliance to market while driving a number of key acquisitions in this space.

October 12th 2009

funds to OWASP earmarked for Hartford.
We would like to thank IBM for sponsoring food and beverages for this event

Gunnar Peterson is a visiting scientist at Carnegie Mellon University’s Software Engineering Institute, and a project leader for several OWASP projects on Web Services Security. He maintains an information security blog at http://1raindrop.typepad.com.
Grady Booch is recognized internationally for his innovative work on software architecture, software engineering, and modeling. He has been with IBM Rational as its Chief Scientist since Rational's founding in 1981. Grady is one of the original developers of the Unified Modeling Language (UML) and was also one of the original developers of several of Rational's products. Grady has served as architect and architectural mentor for numerous complex software-intensive projects around the world.

November 17th 2009

funds to OWASP earmarked for Hartford.
We would like to thank Sentrigo for sponsoring food and beverages for this event

In this presentation, we will show typical security flaws found in PL/SQL and Java code due to programmer mistakes. We will demonstrate how to use existing open-source scanning and fuzzing tools to automatically find and flag such flaws, and also demonstrate how creating your own tools in PL/SQL can help you keep your code secure.

You will learn:
1. Common security mistakes developers make
2. How to use open source tools to find those mistakes
3. How to roll out your own PL/SQL fuzzer
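The abstract names the two things the talk covers, a common PL/SQL mistake and a home-grown fuzzer, without showing either. The following is an added illustration, not code from the talk or from Sentrigo's tools: a PL/SQL function that builds dynamic SQL by string concatenation, its hardened form using a bind variable, and a minimal fuzz harness in PL/SQL that feeds a handful of injection-style strings to both. The table, column, function names and payloads are assumptions made for the example.

```sql
-- Added example, not taken from the talk or from Sentrigo's tooling.
-- Table, column, function and payload names are assumptions for the
-- illustration. Run in an Oracle session with SET SERVEROUTPUT ON.

CREATE TABLE app_users (username VARCHAR2(30), role_name VARCHAR2(30));
INSERT INTO app_users VALUES ('alice', 'user');
INSERT INTO app_users VALUES ('bob',   'admin');
COMMIT;

-- Vulnerable: the caller's p_name is spliced into the statement text, so a
-- quote in the input changes the SQL that the parser sees.
CREATE OR REPLACE FUNCTION get_role_vuln(p_name IN VARCHAR2) RETURN VARCHAR2 IS
  v_role VARCHAR2(30);
BEGIN
  EXECUTE IMMEDIATE
    'SELECT role_name FROM app_users WHERE username = ''' || p_name || ''''
    INTO v_role;
  RETURN v_role;
END;
/

-- Hardened: the statement text is a constant; the input travels as a bind
-- variable and is never parsed as SQL.
CREATE OR REPLACE FUNCTION get_role_safe(p_name IN VARCHAR2) RETURN VARCHAR2 IS
  v_role VARCHAR2(30);
BEGIN
  EXECUTE IMMEDIATE
    'SELECT role_name FROM app_users WHERE username = :name'
    INTO v_role USING p_name;
  RETURN v_role;
END;
/

-- Minimal fuzz harness written in PL/SQL itself. Each payload is passed to
-- both functions. A parse error (ORA-00933, ORA-01756, ...) or a result that
-- a non-existent user should never get back means the input reached the SQL
-- parser, i.e. an injection point. The function names come from a fixed
-- list in this block, not from user input, so building the call dynamically
-- is safe here.
DECLARE
  TYPE t_strings IS TABLE OF VARCHAR2(200);
  v_funcs    t_strings := t_strings('get_role_vuln', 'get_role_safe');
  v_payloads t_strings := t_strings(
    'alice',
    'nobody',
    'nobody'' OR ''1''=''1',
    'x'' UNION SELECT role_name FROM app_users WHERE username=''bob''--',
    'nobody''');
  v_payload  VARCHAR2(200);
  v_out      VARCHAR2(200);
BEGIN
  FOR f IN 1 .. v_funcs.COUNT LOOP
    FOR i IN 1 .. v_payloads.COUNT LOOP
      v_payload := v_payloads(i);
      BEGIN
        EXECUTE IMMEDIATE 'BEGIN :r := ' || v_funcs(f) || '(:p); END;'
          USING OUT v_out, IN v_payload;
        DBMS_OUTPUT.PUT_LINE(RPAD(v_funcs(f), 14) || v_payload || ' -> ' || v_out);
      EXCEPTION
        WHEN NO_DATA_FOUND THEN
          DBMS_OUTPUT.PUT_LINE(RPAD(v_funcs(f), 14) || v_payload || ' -> no row');
        WHEN OTHERS THEN
          DBMS_OUTPUT.PUT_LINE(RPAD(v_funcs(f), 14) || v_payload || ' -> ' || SQLERRM);
      END;
    END LOOP;
  END LOOP;
END;
/
```

Against get_role_vuln the third payload turns the WHERE clause into a tautology and raises ORA-01422 (too many rows), the fourth returns bob's role for a user who does not exist, and the fifth leaves an unterminated string and raises ORA-01756; get_role_safe reports "no row" for every payload except 'alice'. Any function whose behaviour changes with the quoting of its input is flagged the same way, which is the whole idea behind a PL/SQL fuzzer. The Java counterpart of the same mistake is building a Statement from concatenated strings instead of binding parameters with PreparedStatement.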

Todd P. DeSantis
Todd DeSantis brings a wealth of technical knowledge and a passion for using technology to better society to his position as lead North American Sales Engineer at Sentrigo. With a background in computer science from Worcester Polytechnic Institute, Todd has been using his understanding of computer programming and database systems throughout his career. At Sentrigo Todd is striving to bring a higher level of database security and safety to the enterprise. Prior to Sentrigo Todd successfully helped Fortune 50 companies rethink data access paradigms with Endeca Technologies. Todd started his career at Enerjy Technologies where he helped organizations improve overall levels of Java code quality and visibility. In his spare time Todd, an avid audiophile, enjoys working toward creating the 'absolute sound' with hi-fi audio systems, and enjoys many different genres of music.

Phil Hunt
Phil Hunt works on identity management standards for Oracle in his day job. He is particularly interested in issues of identity privacy and governance.

Call for Sponsors/Speakers

This is a call for speakers/papers. If we haven't approached you, but you believe you have a significant discovery or new research that the security community would value, or enjoy hearing about, we invite you to submit your presentation topic for serious consideration. Preference will be given to speakers who can present new and innovative technical content to a broad audience. Of course, all presentations are expected to challenge the brightest and quickest of attendees - we wouldn't have it any other way.

OWASP is not a vendor fair. Consequently, there will be very little tolerance for commercial content within presentations. Attendees will be encouraged to quell any shameless marketing that is not immediately backed up with rationale for its inclusion.

Some topics of interest for upcoming meetings include (but are not limited to):

Locations

All meetings are held at the headquarters of The Hartford Financial Services Group (The Hartford), One Hartford Plaza, Hartford CT 06115 in the Tower Building, Atrium Conference Room. Free parking is available in our Tower Ramp Garage.